DETAILED ACTION

1. The application has been examined. Claims 1 - 23 are pending in this office 
action. 

Claim Objections 

2. Claims 2, 3, 10, 12 - 14 and 18-20 are objected to because of the following 
informalities: Claims 2, 3, 10, 12 - 14 and 18-20 recite in the claims abbreviated 
words like HIPAA, GLBA and CVE. These abbreviated elements need to be explained 
or stated in full form in the claims. Appropriate correction is required. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

4. Claims 1 - 23 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Williams et al. (Williams 1 herein after) (US 2005/0015623 A1). 



With respect to claim 1,

Williams discloses a method for testing compliance of a target comprising the
steps of: providing a set of regulations, providing a set of vulnerabilities (figure 1 and 
paragraph 0052, Williams); providing a mapping relationship between at least one 
regulation and at least one vulnerability (paragraphs 101 and 108, Williams); testing a 
target for a vulnerability in the set of vulnerabilities to determine a vulnerability violation 
(paragraph 0057, Williams); associating a regulation in the set of regulations with the 
vulnerability violation as a function of the mapping to determine a regulation violation 
(paragraphs 0062, 0073, Williams). 

With respect to claim 2, 

Williams discloses the method of claim 1 wherein the regulations are defined by 
HIPAA (paragraph 0066, Williams). 

With respect to claim 3, 

Williams discloses the method of claim 1 wherein the regulations are defined by 
GLBA (paragraph 0066, Williams). 

With respect to claim 4, 

Williams discloses the method of claim 1 wherein the providing a mapping step 
further comprises creating a relational database (paragraphs 0053 and 0136 - 0137, 
Williams). 

With respect to claim 5,

Williams discloses the method of claim 4 further comprising: providing a keyword; 
scanning the set of regulations by the keyword for a keyed regulation; scanning the set 
of vulnerabilities by the keyword for a keyed vulnerability; grouping the keyed regulation 
with the keyed vulnerability (paragraphs 0139 and 0141, Williams).

With respect to claim 6, 

Williams discloses the method of claim 1 wherein the testing step further 
comprises scanning a target to provide a system scan (paragraphs 0109, Williams). 

With respect to claim 7, 

Williams discloses the method of claim 6 further comprising the step of providing 
a test set as a function of the system scan (paragraphs 0111 - 0112, Williams).

With respect to claim 8, 

Williams discloses the method of claim 1 further comprising generating a report 
including an IP address of the target together with the regulation violation (paragraph 
0170, Williams). 



With respect to claim 9,

Williams discloses the method of claim 1 further comprising the step of assigning
a priority to the regulation violation (paragraph 0160, Williams). 

With respect to claim 10, 

Williams discloses the method of claim 1 wherein the set of vulnerabilities are 
defined by CVE (paragraph 0168, Williams). 

With respect to claim 11,

Williams discloses a security and vulnerability testing system comprising: a
processor (figure 1, Williams); memory operably connected to the processor (figure 1, 
Williams); wherein the memory contains a program executable by the processor to: 
search a set of regulations by keyword for a keyed regulation (paragraph 0052, 
Williams); search a set of vulnerabilities by the keyword for a keyed vulnerability 
(paragraphs 0139 and 0141, Williams); map the keyed regulation to the keyed 
vulnerability by the keyword to provide a mapping (paragraphs 101 and 108, Williams); 
test a target for the keyed vulnerability to determine a vulnerability violation (paragraph 
0057, Williams); determine a regulation violation corresponding to the vulnerability 
violation as a function of the mapping (paragraphs 0062, 0073, Williams). 

With respect to claim 12, 

Williams discloses the system of claim 10 wherein the regulations are defined by 
HIPAA (paragraph 0066, Williams). 

With respect to claim 13,

Williams discloses the system of claim 10 wherein the regulations are defined by 
GLBA (paragraph 0066, Williams). 

With respect to claim 14, 

Williams discloses the system of claim 10 wherein the set of vulnerabilities are 
defined by CVE (paragraph 0168, Williams). 

With respect to claim 15, 

Williams discloses the system of claim 10 wherein the program is further 
executable by the processor to scan a target and determine a corresponding test set 
(paragraphs 0111 - 0112, Williams). 

With respect to claim 16, 

Williams discloses the system of claim 10 wherein the program is further 
executable by the processor to generate a report including an IP address of the target 
together with the regulation violation (paragraph 0170, Williams). 

With respect to claim 17, 

Williams discloses a computer-executable process steps, stored on a computer-readable
medium and executable by a processor to perform the steps of: search a set
of regulations by keyword for a keyed regulation (paragraph 0052, Williams); search a
set of vulnerabilities by the keyword for a keyed vulnerability (paragraphs 0139 and 
0141, Williams); map the keyed regulation to the keyed vulnerability to provide a 
mapping (paragraphs 101 and 108, Williams); test a target for the keyed vulnerability to 
determine a vulnerability violation (paragraph 0057, Williams); determine a regulation 
violation by the keyed vulnerability as a function of the mapping (paragraphs 0062, 
0073, Williams). 

With respect to claim 18, 

Williams discloses the steps of claim 17 wherein the regulations are defined by 
HIPAA (paragraph 0066, Williams). 

With respect to claim 19, 

Williams discloses the steps of claim 17 wherein the regulations are defined by 
GLBA (paragraph 0066, Williams). 

With respect to claim 20,

Williams discloses the steps of claim 17 wherein the set of vulnerabilities are 
defined by CVE (paragraph 0168, Williams). 



With respect to claim 21,

Williams discloses the steps of claim 17 further executable by the processor to
scan a target and determine a corresponding test set (paragraphs 0111 - 0112,
Williams). 

With respect to claim 22, 

Williams discloses the steps of claim 17 further executable by the processor to 
generate a report including an IP address of the target together with the regulation 
violation (paragraph 0170, Williams). 

With respect to claim 23, 

Williams discloses the steps of claim 17 further executable by the processor to 
assign a priority to the regulation violation (paragraph 0160, Williams). 

Contact Information



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Navneet K. Ahluwalia whose telephone number is 571- 
272-5636. The examiner can normally be reached on 8:30am - 5:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Alam T. Hosain can be reached on 571-272-3978. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 